package cn.imu.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author 杨鑫
 */
@Configuration
public class ShiroConfig {

 /*     <!--Subject 用户
    SecurityManager 管理所有用户
    Realm 连接数据库-->*/

    //第一步：创建realm对象,需要自定义
    @Bean(name = "userRealm")
    public UserRealm userRealm(){
        return new UserRealm();
    }

    //第二步：DefaultWebSecurityManager
    @Bean(name="securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        //关联UserRealm,使用@Qualifier("userRealm")关联注入的bean对象
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(userRealm);

        return defaultWebSecurityManager;
    }
    //第三步、shiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        System.out.println("3：ShiroConfiguration.shiroFilter()：配置权限控制规则");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        //添加Shrio的内置过滤器
        /*
        anon:无需认证就可以访问
        authc:必须认证才能访问
        user：必须拥有“记住我”功能才能拥有
        perms:拥有对某个资源的权限才能访问
        role:拥有某个角色的权限才能访问
         */
   /*     Map<String,String> fiterMap=new LinkedHashMap<>();
     //*       fiterMap.put("/user/add","authc");
        //fiterMap.put("/user/update","authc");


        shiroFilterFactoryBean.setFilterChainDefinitionMap(fiterMap);
*/

        //拦截器
        Map<String,String> filtrChainDefinitionMap=new LinkedHashMap<String,String>();

        //授权
        //必须为user且有add权限，(否则，正常情况下，会跳到未授权页面)
        filtrChainDefinitionMap.put("/user/add","perms[user:add]");
        filtrChainDefinitionMap.put("/user/update","perms[user:update]");

        filtrChainDefinitionMap.put("/user/*","authc");
        //匿名可以访问的地址
        //filtrChainDefinitionMap.put("/dologin","anon");
        filtrChainDefinitionMap.put("/css/**","anon");
        filtrChainDefinitionMap.put("/fonts/**","anon");
        filtrChainDefinitionMap.put("/images/**","anon");
        filtrChainDefinitionMap.put("/js/**","anon");
        filtrChainDefinitionMap.put("/localcss/**","anon");
        //配置退出（记住我状态下，可清除记住我的cookie）
        filtrChainDefinitionMap.put("/logout","logout");

        //设置登录的请求
       shiroFilterFactoryBean.setLoginUrl("/toLogin");
        //设置未授权页面
        shiroFilterFactoryBean.setUnauthorizedUrl("/noauth");

        //所有路径必须授权访问（登录），且必须放在最后
        //filtrChainDefinitionMap.put("/**","user");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filtrChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

    //整合ShrioDialect:用来整合shrio themeleaf
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }
}
